DDoS Attacks Increase In Size And Frequency

Distributed Denial of Service (DDoS) attacks increased in size and frequency during the first half of this year, according to figures released by Arbor Networks.

Over the last 18 months, Arbor Networks monitored an average of 124,000 DDoS attacks every week. That’s primarily because tools that can help launch a DDoS attack are readily available online for little money, or even no money at all. That means anyone with a computer, an internet connection and a grievance can launch an attack if they so wish.

Focusing on the first half of 2016, Arbor recorded a 73% increase in peak attack size over 2015, to 579Gbps. In total, 274 attacks over 100Gbps were monitored during the first half of 2016, versus just 223 in all of 2015. Arbor also recorded 46 attacks over 200Gbps during the same time period, compared to just 16 across the whole of 2015.

During the first half of 2016, the average DDoS size hit 986Mbps, a 30% increase over 2015. Given that a 1Gbps attack is generally enough to knock most organizations offline, these attacks are dangerously close to causing real damage to businesses; being knocked offline by an attack can have a huge impact on a company’s reputation as well as its financial performance.

The UK, France and the United States are the top targets for DDoS attacks, Arbor said.

The figures were collected through Arbor Networks’ ATLAS program, a collaboration between Arbor and over 300 service provider customers, who share anonymous traffic data regarding global threats.

Darren Anstee, Arbor Networks’ Chief Security Technologist, said the increase in size and frequency of attacks means companies should look at a hybrid DDoS protection.

“High bandwidth attacks can only be mitigated in the cloud, away from the intended target,” he said. “However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour. On-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”